Back to appsSubmit
sftp-fail2ban

sftp-fail2ban

Docker app from bmartino1's Repository

Overview

Easy to use SFTP (SSH File Transfer Protocol) server with OpenSSH and Fail2ban installed for extra hardening against brute force attacks. Forked from atmoz/sftp. Based on Debian Slim Image. *Shared Path is an example. You must replace the host path with the path to a folder to share AND change the user in the container path to the name of a user account configured in users.conf. See the GitHub page for more info: https://github.com/bmartino1/sftp2.

Runtime arguments

Network
bridge
Shell
bash
Privileged
false
Extra Params
--hostname sftp --cap-add=NET_ADMIN --cap-add=NET_RAW

Template configuration

SSH PortPorttcp

Docker bridge network set SSH/SFTP port

Target
22
Default
22
Value
22
AdminDataPathrw

Default admin user's host folder/file access

Target
/home/admin/sftp
Default
/mnt/user/
Value
/mnt/user/
AppDataPathrw

Docker data - this is needed to change the user.conf for multiple user accounts

Target
/config
Default
/mnt/user/appdata/sftp-fail2ban
Value
/mnt/user/appdata/sftp-fail2ban
TimeZoneVariable
Target
TZ
Value
America/Chicago
AUTO_UPDATEVariable

true Runs /stage/updateapps.sh if present custom Runs /config/updateapps.sh if present false or empty skips updates

Default
true
Value
true
LOG_STREAMSVariable

auth,fail2ban,whois (comma-separated list for Docker stdout) Tail log streams.

Default
auth,fail2ban,whois
Value
auth,fail2ban
ADMIN_PASSVariable

CHANGE ME! Set the admin password!

Value
password
PUIDVariable

User root

Default
99
Value
0
PGIDVariable

User root

Default
100
Value
0
ADMIN_USERVariable
Default
admin
Value
admin
DEBUG_TESTINGVariable

Preflight checks (makes sure Fail2ban and sshd will work) (writes to /config/debug when true), false by default

Default
false
Value
true
TAIL_LOGSVariable

T/F enable Docker log showing tail logs. This doesn't stop them from writing to the log folder.

Default
true
Value
true
CLEAR_LOGSVariable

At container restart, truncate logs in the log folder. This will move old logs within the log folder; no logs are removed.

Default
false
Value
true
F2B_CONFIG_MODEVariable

How to handle /config Fail2ban files # ===== Fail2Ban config wiring ===== # How /etc/fail2ban is populated from /config/fail2ban: # - symlink (source of truth = /config) # - overlay (defaults + then /config over) # - noclobber (defaults + non-clobber copy from /config) # - replace (use /config only)

Default
noclobber
Value
symlink

Categories

Network > FTPNetwork > Other

Download Statistics

1,154
Total Downloads

Links

TemplateSupportDocker HubProject

Details

Repository
bmmbmm01/sftp2:latest
Registry
https://hub.docker.com/r/bmmbmm01/sftp
Last Updated2026-03-20
First Seen2025-10-16

Run sftp-fail2ban on Unraid.

sftp-fail2ban is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS